trickbot

General

Target

0d3fdc1d1501628d2e0b7a77a8b77c39b6dbf2c4dc9a796cc31b751eda1dfc59
Size

263KB
Sample

210324-3v7r27we92
MD5

6cd15c65394b3b10a008a295be6636a2
SHA1

04dff3ba7efc902331f798ff4100635140e47bd8
SHA256

0d3fdc1d1501628d2e0b7a77a8b77c39b6dbf2c4dc9a796cc31b751eda1dfc59
SHA512

036939474a315a80ba1c57a12f3d9d7461cc50fa31dea4bcfa03604536a3676e3ebc5bd4c611963688ccd5224e7b84a04f12b90b7a8e2f4c3c556d7f622f717f

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000027

Botnet

rob35

C2

174.105.236.140:443

67.79.117.70:443

162.155.225.130:443

70.235.74.189:443

72.164.254.204:443

173.219.76.169:443

98.6.253.142:443

137.27.167.58:443

24.182.101.64:449

50.208.68.153:443

67.212.241.127:443

99.147.197.147:443

216.186.128.26:443

174.105.233.82:443

70.119.220.241:443

70.125.241.196:443

24.153.175.236:443

96.68.79.18:443

75.87.15.158:443

47.190.2.12:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  0d3fdc1d1501628d2e0b7a77a8b77c39b6dbf2c4dc9a796cc31b751eda1dfc59
- Size
  
  263KB
- MD5
  
  6cd15c65394b3b10a008a295be6636a2
- SHA1
  
  04dff3ba7efc902331f798ff4100635140e47bd8
- SHA256
  
  0d3fdc1d1501628d2e0b7a77a8b77c39b6dbf2c4dc9a796cc31b751eda1dfc59
- SHA512
  
  036939474a315a80ba1c57a12f3d9d7461cc50fa31dea4bcfa03604536a3676e3ebc5bd4c611963688ccd5224e7b84a04f12b90b7a8e2f4c3c556d7f622f717f
Score

10^/10

trickbot rob35 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Looks up external IP address via web service

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2